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In the Claims 

Please replace the previous claims with the following claims: 

1. (Previously Presented) A method for thwarting coordinated SYN denial of 
service (CSDoS) attacks against a server S disposed in a network of 
interconnected elements communicating using the TCP protocol, comprising the 
steps of 

controlling a network switch to divert a predetermined fraction of SYN 
packets destined for said server, to a web guard processor, 

establishing a first TCP connection between one or more clients 
originating said packets and said web guard processor, and a second TCP 
connection between said web guard processor and said server, so that packets 
can be transmitted between said one or more clients and said server, 

monitoring the number of timed-out connections between said web guard 
processor and said one or more clients, 

if the number of timed-out connections between said web guard processor 
and said one or more clients exceeds a first predetermined threshold, controlling 
said switch to divert all SYN packets destined to said server to said web guard 
processor. 

2. (Previously Presented) The method of claim 1 further comprising the step of 
generating an alarm indicating that said server is likely to be under attack. 

3. (Previously Presented) The method of claim 1 including the further steps of 

determining if the number of timed-out connections between said web guard 
processor and said clients exceeds a second predetermined threshold, and 
if so, controlling said switch to delete all SYN packets destined for said 

server. 
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4. (Previously Presented) The method of claim 3 further comprising the step of 
generating an alarm indicating that said server is under attack. 

5. (Original) The method of claim 1 further including the step of notifying said 
server that it is under attack. 

6. (Original) The method of claim 1 further including the step of notifying other 
web guard processors in said network that said server is under attack. 

7. (currently amended) A method for thwarting coordinated SYN denial of 
service (CSDoS) attacks against a server S disposed in a network of 
interconnected elements communicating using the TCP protocol, said attack 
originating from a malicious host generating SYN packets destined for said 
server, said method comprising the steps of 

arranging a switch receiving said SYN packets destined to said server to 
forward said SYN packets to a TCP proxy arranged to operate without an 
associated cache, 

wherein said TCP proxy does not establish a TCP connection, 
corresponding to a particular SYN packet, with said server until it receives a 
SYN/ACK packet corresponding to the particular SYN packet, from said 
malicious host generating SYN packets 

whoroby sa i d TCP proxy, whon subject to a CSDoS attack, doos not 
successfully e stablish a TCP connection with said maliciouo hoot, and no TCP 
conn e ct i on is made from said TCP proxy to said serv e r, th e r e by prot e cting said 
server from said attac k, 

8. (currently amended) A method for thwarting coordinated SYN denial of 
service (CSDOS) attacks against a server S disposed in a network of 
interconnected elements communicating using the TCP protocol, comprising the 
steps of 
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forwarding a statistical sampling of packets from a switch in said network 
to a processor, 

if packets in said sampling indicate an attack against said server , altering 
the operation of said switch to rcduo e th e offocts of sa i d attack forward all packets 
destined for said server to said processor . 

9. (Original) The method of claim 8 wherein said switch is arranged to discard 
packets in the event an attack is detected. 
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